摘要
由于传统的基于信息加密的被动式信息保护技术不能满足现代信息安全的需求,主动检测攻击的防御技术变得迫切重要,本文正是基于这种需要而提出的一种基于统计方法的入侵检测模型。审计记录是入侵检测模型实施的依据,本文使用神经网络技术来训练这些审计记录,获得每个属性的正常区间,通过区间选取算法,就可得到阀值向量,结合加权特征向量和伯努利向量,就可以进行加权入侵得分的计算和疑义商的计算,疑义商就是本模型判断入侵的依据,其值越大意味着相应的会话入侵的可能性越大。只要根据领域专家的经验,设置相应的阀值就可以自动地实现入侵报警。
The traditional information protection technique based on information encryption is passive. This can't satisfy the need of the modern information security, so the defense technique of the active detection on attack becomes urgently important. This text then puts forward an intrusion detection model based on statistics according to this kind of need. Audit records are the foundation of the intrusion detection model. This text uses the neural network technique to train these audit records, and then gets the normal zone of each attribute. It will get value vector by computing the zone selection algorithm. Then we can compute the weighted intrusion score and the suspicion quotient by putting the weighted vector and the Bernoulli vector together. The suspicion quotient is a basis to judge whether an intrusion has happened or not. The bigger the value of the suspicion quotient is, the more possibility of an intrusion. Ac- cording to the experiences of the exports in this field, the model will alarm automatically if we configure the corresponding values.
出处
《微计算机信息》
北大核心
2007年第30期120-122,共3页
Control & Automation
基金
教育部跨世纪人才基金项目(02029)
关键词
统计方法
入侵检测
神经网络
疑义商
Statistics, Intrusion detection, Neural network, Suspicion quotient
